Before we delve into what to expect in 2022 for cybersecurity, it’s important to look back. The year 2021 was not a great year for cybersecurity. While the physical workplaces may have had adequate security in terms of protection of servers and the network with firewalls, not so with the home environment for most. The rapid shift to remote working gave cyber attackers a field day capitalizing on the shortfalls in security. They savagely targeted businesses through vulnerabilities and gaps in remote working.
The year 2021 reported more data breaches than those of 2020. This makes cybersecurity a top operational priority in the year 2022 for several companies. We recommend that all businesses devote significant resources – time, budgets – to cybersecurity to stay ahead of the threats and avoid becoming victims of cybercrime. Cybercrime has the potential to lead to significant financial losses as well as reputational loss.
As you look to accelerate growth after a pandemic, allocating your resources effectively is vital in securing your critical infrastructure and getting an optimal return on investment. To inform those decisions, here are three can’t-miss cybersecurity trends for 2022.
1. Over 90% of Successful Attacks are People-Driven
The most popular online scam techniques today are phishing and ransomware attacks. Both phishing and ransomware attacks increased in number and revenue loss in 2021. We predict that these will continue to rise in 2022. People play a significant role in the success or otherwise of these attacks. For example:
- Staff clicking on suspicious (malicious) links in their emails.
- Employees downloading attachments in phishing emails that contain malware.
- Staff using removable media in and out of the workplace.
- Remote workers use public WiFi to do their office work in café’s.
We recommend that you focus on the role played by the “people factor” in ransomware and phishing attacks as you prepare to respond to these cyber threats in 2022.
What you can do
- Carry out cybersecurity awareness training. Regular employee training improves the ability to identify phishing attempts.
- Carry out simulation attacks for phishing and ransomware to determine the effectiveness of training
- Encourage employees to avoid writing down or sharing their passwords
If paired with employee oversight initiatives, you can address one of the most significant cybersecurity vulnerabilities — your people.
2. Cybercrime Pays
For many threat actors, money is the key motivation. The idea of making tons of money makes them act with relative impunity and little regard for the law. The allure of taking part in cybercrime is attractive not just for external attackers but also for internal staff within your organization. This is particularly lucrative for staff who have access to highly confidential company and client records.
A 2020 example is given of an attempted attack where a Russian national tried to conspire with an American employee of a Nevada company to introduce malware into a US company’s network. The idea was that once the malware was installed, the attackers would use it to steal company data and demand ransom from the organization. The American employee however reported the incident to the FBI and the attack was thwarted.
There is also another 2020 example of a Chinese national who was sentenced to a two-year jail term for stealing confidential company information worth more than $1 billion from his employer.
What you can do
- Enhance your defenses against data exfiltration to protect your most valuable assets. This may include banning the use of removable media in your organization. Read more on the risks of removable media.
- Build a strong sense of loyalty amongst your staff. By doing so, they will be less likely to want to engage in activities that will be to the detriment of your organization.
- As part of your cybersecurity training sessions, highlight the fines and/or risk of a jail term that they stand to face if found guilty of conspiring to defraud the company.
3. Losses incurred in Cybersecurity Attacks will continue to rise
There has been a significant rise in the losses incurred from cybersecurity breaches in the last three to four years. This can be attributed to the following factors:
- An increase in remote working in the last two years has made cyber breaches more likely to occur in organizations.
- Ransomware demands have risen exponentially in the last three years. Unfortunately, this trend is likely to continue because cybercriminals are realizing there is money in cybercrime. Several prominent companies have cashed out multi-millions of dollars as ransom payments.
- Regulatory fines, opportunity costs and customer loyalty are all costing companies that fall victim to cybercrime.
What you can do
As a business leader, prioritize your online security. Do not skimp on your cybersecurity budget. Take time to invest in solutions to adequately protect your digital infrastructure and data stores that hold company-sensitive data and trade secrets. In many cases, the cost of prevention is likely going to be far less than the cost of recovery.
Stay ahead of Cybersecurity Threats in 2022
Your company’s cybersecurity strategy and plan must remain ever-evolving as the threat landscape changes. And just as cybercriminals never tire of finding new ways to attack companies online, you too should never relax on your efforts to secure your company resources.
As you plan for 2022, keep in mind the changing cybersecurity landscape. Prioritize cybersecurity by allocating both financial resources and ensure you have the right team to guide you on the implementation of your cybersecurity strategy – even if it means outsourcing (some or all of your IT tasks) to an expert.
Kaluari offers a range of cyber resilience solutions that can help you protect your network, users and data from online threats and stay ahead of the curve. Get in touch with us for solutions such as endpoint security (Next-gen firewalls, best antivirus solutions), best-in-class spam filtering services as well as cloud backup and disaster recovery solutions.
